Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
10-06-2024 23:52
Static task
static1
Behavioral task
behavioral1
Sample
7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
Resource
win10v2004-20240426-en
General
-
Target
7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
-
Size
51KB
-
MD5
880bb22be5ca5146b402ffecf07df8b7
-
SHA1
727cf903f584aea9fe59be8b60a7a00367251011
-
SHA256
7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41
-
SHA512
8c99fdd0626e3e79c580602ae3dc223822ab2d84de9fc885a5b0680b91cc9a7fe34a3431fc5da2e0c3a8c29244cb3742c5b8b2cefa77633c3d891e6150a4f356
-
SSDEEP
768:W7BlpppARFbhWJQi3I1krJwYSoVaEI1krJwYSoVaX:W7ZppApHiYRoVa3RoVaX
Malware Config
Signatures
-
Renames multiple (5122) files with added filename extension
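Mass renaming with an added filename extension is typical of ransomware encrypting files across the system. The rename count alone does not show that file contents were encrypted, so confirm by inspecting the renamed files before treating this as a ransomware verdict.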
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft 
Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft 
Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft 
Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp 
7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program 
Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
51KB
MD5 931543d14badfa279f667bd13596d4f3
SHA1 5385bf0bd00f86db8ba1edf9c41b78316c162e2a
SHA256 b0f77e3c999864f92c11134df9c235fa3f4655a8ff703ff38bf97e078bc7f527
SHA512 8953113e0023f2a9fb05069eb35f7d976720348268ae76b461e54d63eadf614a8301de45fbe8bacdac96268729ef88bc3bdf17a5ece477a710fbd56e7b21dcef
-
Filesize
150KB
MD5 b7d8223c3a3c19f00579617343e4764c
SHA1 a54f68af4cd2396867849d19fea3259a0d27afdd
SHA256 e3ed55e3d86b89c962223cde38a21fd57fe08d3327a7ca06f01a794eab82b11e
SHA512 ae345f1b0757da8afffa712f1e9cfd01bbd1413a9586dc4b29b9285ad95d3d7bc329805605686d2a54d100ea1ba8277a3256513d7cf714ecc113c3efe56bde49